From bce345210475a49aa49ac881982afbfa517868dd Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Mon, 30 Apr 2018 12:46:42 +0200
Subject: [PATCH] Copy-in neutron cert via kolla extended/start

Instead of bind-mounting in RW mode, follow the established
approach for ditributing certificates in containers.

Related-Bug: #1759049
Partial-Bug: #1767998

Change-Id: I6bcb72b8b600b6b1d916b64c161bca22c802cf07
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 docker/services/neutron-dhcp.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml
index 2e2ca55fd7..b0c79d44bf 100644
--- a/docker/services/neutron-dhcp.yaml
+++ b/docker/services/neutron-dhcp.yaml
@@ -112,6 +112,11 @@ outputs:
               dest: "/"
               merge: true
               preserve_properties: true
+            - source: "/var/lib/kolla/config_files/src-tls/*"
+              dest: "/"
+              merge: true
+              preserve_properties: true
+              optional: true
           permissions:
             - path: /var/log/neutron
               owner: neutron:neutron
@@ -149,8 +154,8 @@ outputs:
                 -
                   if:
                     - internal_tls_enabled
-                    - - /etc/pki/tls/certs/neutron.crt:/etc/pki/tls/certs/neutron.crt
-                      - /etc/pki/tls/private/neutron.key:/etc/pki/tls/private/neutron.key
+                    - - /etc/pki/tls/certs/neutron.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/neutron.crt:ro
+                      - /etc/pki/tls/private/neutron.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/neutron.key:ro
                       - list_join:
                         - ':'
                         - - {get_param: InternalTLSCAFile}